<?php

setlocale(LC_ALL, "ru_RU.UTF-8");
mb_internal_encoding("UTF-8");

require_once ("./config/setup.php");
require_once ("./libs/db.class.php");
require_once ("./libs/utils.inc.php");
$sm = new SSmarty();
$db = new DB();

$curRealDir = mb_substr($_SERVER["SCRIPT_FILENAME"], 0, mb_strrpos($_SERVER["SCRIPT_FILENAME"], "/"));
$curSiteDir = "http://" . $_SERVER["SERVER_NAME"] . mb_substr($_SERVER["PHP_SELF"], 0, mb_strrpos($_SERVER["PHP_SELF"], "/"));
$curPage = mb_substr($_SERVER["SCRIPT_NAME"], mb_strrpos($_SERVER["SCRIPT_NAME"], "/") + 1);

$sm->assign("curSiteDir", $curSiteDir);
$sm->assign("curPage", $curPage);

if (!isset($_GET["action"])) {
    $db->dbq("
                Select
                    newid as newid,
                    caption as caption
                From
                    news
                Order By
                    position DESC
            ");

    $currentNews = array();
    while ($arr = $db->assoc()) {
        $currentNews[] = $arr;
    }

    $currentNews = stripRecursive($currentNews);

    $sm->assign("currentNews", $currentNews);
} elseif ($_GET["action"] == "change") {
    if (preg_match("'^[0-9]+'$iu", $_GET["newid"])) {
        $db->dbq("
                    Select
                        *
                    From
                        news
                    Where
                        newid = \"" . $_GET["newid"] . "\"
                ");
        $currentNew = $db->assoc();
        $currentNew["tags"] = json_decode($currentNew["tags"], true);
        $currentNew = stripRecursive($currentNew);
        $currentNew["tags"] = join(", ", $currentNew["tags"]);

        $sm->assign("currentNew", $currentNew);
    } else {
        $sm->assign("redirectPage", $curPage);
        $sm->assign("error", "Неверное значение идентификатора новости");
        $sm->display("reset.html");
        exit(0);
    }
} elseif ($_GET["action"] == "delete") {
    if (preg_match("'^[0-9]+'$iu", $_GET["newid"])) {

        $db->dbq("
                    Select
                        newid as newid,
                        caption as caption
                    From
                        news
                    Where
                        newid = \"" . $_GET["newid"] . "\"
                ");
        $currentNew = $db->assoc();

        $currentNew = stripRecursive($currentNew);

        $sm->assign("currentNew", $currentNew);
    } else {
        $sm->assign("redirectPage", $curPage);
        $sm->assign("error", "Неверное значение идентификатора новости");
        $sm->display("reset.html");
        exit(0);
    }
} elseif ($_GET["action"] == "moveup") {
    if (preg_match("'^[0-9]+'$iu", $_GET["newid"])) {
        $db->dbq("
                    Select
                        position,
                        (
                            Select
                                Max(position)
                            From
                                news
                        )
                    From
                        news
                    Where
                        newid = \"" . $_GET["newid"] . "\"
                ");

        $arr = $db->row();
        $position = $arr[0];

        if ($position < $arr[1]) {

            $db->dbq("
                        Update
                            news
                        Set
                            position = (position - 1)
                        Where
                            position = " . ($position + 1) . "
                    ");

            $db->dbq("
                        Update
                            news
                        Set
                            position = (position + 1)
                        Where
                            newid = \"" . $_GET["newid"] . "\"
                    ");
        }

        $sm->assign("redirectPage", $curPage);
        $sm->display("reset.html");
        exit(0);
    } else {
        $sm->assign("redirectPage", $curPage);
        $sm->assign("error", "Неверное значение идентификатора новости");
        $sm->display("reset.html");
        exit(0);
    }
} elseif ($_GET["action"] == "movedown") {
    if (preg_match("'^[0-9]+'$iu", $_GET["newid"])) {
        $db->dbq("
                    Select
                        position
                    From
                        news
                    Where
                        newid = \"" . $_GET["newid"] . "\"
                ");

        $arr = $db->row();
        $position = $arr[0];

        if ($position > 1) {

            $db->dbq("
                        Update
                            news
                        Set
                            position = (position + 1)
                        Where
                            position = " . ($position - 1) . "
                    ");

            $db->dbq("
                        Update
                            news
                        Set
                            position = (position - 1)
                        Where
                            newid = \"" . $_GET["newid"] . "\"
                    ");
        }

        $sm->assign("redirectPage", $curPage);
        $sm->display("reset.html");
        exit(0);
    } else {
        $sm->assign("redirectPage", $curPage);
        $sm->assign("error", "Неверное значение идентификатора новости");
        $sm->display("reset.html");
        exit(0);
    }
} elseif ($_GET["action"] == "comments") {
    $sm->assign("redirectPage", "comments.php?newid=" . $_GET["newid"]);
    $sm->display("reset.html");
    exit(0);
}

if (isset($_POST["newAddEnter"])) {
    $_POST = escapeRecursive($_POST);
    $tags = split(",", trim($_POST["tags"], " \r\n\t.,"));
    foreach ($tags as $index => $tag) {
        $tags[$index] = trim(htmlspecialchars($tag));
    }
    $tags = mysql_real_escape_string(json_encode($tags));

    $db->dbq("
                    Select
                        Max(position)
                    From
                        news
                ");
    $arr = $db->row();
    if ($arr[0] == "") {
        $nextPosition = 1;
    } else {
        $nextPosition = $arr[0] + 1;
    }

    $db->dbq("
                Insert
                Into
                    news
                Values
                    (
                        0,
                        \"" . $_POST["caption"] . "\",
                        \"" . $_POST["maintext"] . "\",
                        Now(),
                        \"" . $_POST["author"] . "\",
                        Null,
                        \"" . $tags . "\",
                        \"" . $nextPosition . "\"
                    )
             ");

    $sm->assign("redirectPage", $curPage);
    $sm->display("reset.html");
    exit(0);
} elseif (isset($_POST["newChangeEnter"])) {
    $_POST = escapeRecursive($_POST);
    $tags = split(",", trim($_POST["tags"], " \r\n\t.,"));
    foreach ($tags as $index => $tag) {
        $tags[$index] = trim(htmlspecialchars($tag));
    }
    $tags = mysql_real_escape_string(json_encode($tags));

    $db->dbq("
                Update
                    news
                Set
                    caption = \"" . $_POST["caption"] . "\",
                    maintext = \"" . $_POST["maintext"] . "\",
                    postdate = Now(),
                    author = \"" . $_POST["author"] . "\",
                    tags = \"" . $tags . "\"
                Where
                    newid = \"" . $_POST["newid"] . "\"
             ");

    $sm->assign("redirectPage", $curPage);
    $sm->display("reset.html");
    exit(0);
} elseif (isset($_POST["newDeleteEnter"])) {
    $_POST = escapeRecursive($_POST);

    $db->dbq("
                Select
                    position
                From
                    news
                Where
                    newid = \"" . $_POST["newid"] . "\"
            ");
    $arr = $db->row();

    $db->dbq("
                Update
                    news
                Set
                    position = (position - 1)
                Where
                    position > " . $arr[0] . "
            ");

    $db->dbq("
                Delete
                From
                    news
                Where
                    newid = \"" . $_POST["newid"] . "\"
             ");

    $sm->assign("redirectPage", $curPage);
    $sm->display("reset.html");
    exit(0);
}

$sm->assign("design", $sm->template_dir);
$sm->display("index.html");
?>